A Medicare Advantage insurer has reported a cybersecurity incident involving personal and medical information tied to thousands of individuals.
Care N’ Care Insurance Company, a Medicare Advantage provider, reported a data breach affecting at least 32,452 Texas residents. The breach involved unauthorized access to systems containing both personally identifiable information (PII) and protected health information (PHI).
The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. The breach was disclosed to the Texas Attorney General’s Office on October 7, 2025.
The incident has raised concerns due to the nature of the exposed information. A combination of Social Security numbers and medical data can enable both identity theft and medical fraud, where threat actors use stolen details to obtain care, prescriptions, or submit fraudulent claims.
While the full scope of the breach is still being determined, the current report only reflects Texas residents. It's not yet clear whether individuals in other states were also affected.
Care N’ Care has stated that it is complying with legal requirements by notifying affected individuals via mail. The company may also offer free credit monitoring or identity protection services, although these details have not been publicly confirmed.
The insurer has not commented on the root cause of the breach, whether it was a ransomware incident, or how the unauthorized access occurred.
According to Paubox report data, the healthcare sector is marked by “severe system vulnerabilities and escalating financial risk,” with the average cost of a data breach “as high as $11 million”, the highest of any industry. The report noted that these risks are compounded by strict regulatory oversight, as the HHS Office for Civil Rights (OCR) warns that organizations must act proactively “and not wait for an incident to reveal long-standing HIPAA deficiencies.” Paubox also found that “31.1% of breached organizations” had multiple unresolved security gaps, showing how poor technical controls and weak enforcement continue to leave patient data exposed across the industry.
Medicare Advantage (Part C) is a private insurance alternative to traditional Medicare that often includes additional benefits like prescription drug coverage, vision, or dental services.
Health insurance information can be used in medical identity theft, which allows criminals to access services, prescriptions, or submit fraudulent claims in someone else’s name.
Under HIPAA and state regulations, insurers must notify affected individuals, report the breach to authorities, and often offer remediation like credit monitoring.
Affected individuals should monitor credit reports, watch for suspicious medical bills, and consider placing fraud alerts or freezes on their credit files.
Beyond immediate identity theft, victims may face higher insurance premiums, denied claims, or years of financial clean-up due to fraudulent medical histories tied to their records.